Can't hook a callback function?
I was hooking a few functions in my code and it was working pretty well till today, and then I came across a bug due to a callback function.
Let's say...
If I do something like
puts("Hi!\n");
it works great. I can hook this.
But if I do this...
typeof(puts) *fptr = puts;
fptr("Hi \n");
Hooking does not work?
I am using an OSX env and searching for symbols in order to do hooking.
Can someone suggest to me what's wrong with callback functions and what I should be doing to hook them in my hooking algorithm?
EDIT: I did some more debugging, in case anyone can provide some opinion with the following information.
I think this can be the source of the problem?
bool Hook(const char *name, void *impl) {
    ...
    /* look up the symbol's slot in the address table and overwrite it */
    void **EntryInAdressTable = find(name);
    if (EntryInAdressTable) {
        *EntryInAdressTable = impl;
    }
    ...
}
So, what's happening here is, I change the entry in the address table for the corresponding symbol to my implementation, and then in my implementation I call the original function.
So, my guess is, if we use a callback function, it means we refer directly to the function address without going through the address table, and that's why the hooked method is not called.
Am I right on this one? If so, can anyone suggest me any workaround?
Comments (2)
Assuming you're using LD_PRELOAD to hook your functions, when you take a pointer to puts, the pointer is presumably bound to the version the linker knows about when you link, in the standard library, and isn't overridden when your preloaded library comes into existence. I can't think of any way to bypass this.
If we hook by looking into the symbol table and replacing the function address there corresponding to the symbol entry, it will work as long as we are making the function call using the symbol entry in the symbol table. If we use the function address directly (callback function), it will not work.
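The mechanism both the question's guess and this answer describe can be reproduced without a dynamic linker at all. The following is an added example, not the asker's hooking code or any library's: it models the "address table" as a plain C array that a `find()`/`Hook()` pair of the same shape as the question's rewrites, then compares three call styles. A call that resolves through the table on every call (the role the lazy-binding stub plays) sees the hook; a pointer captured before the hook was installed (the `typeof(puts) *fptr = puts;` case) keeps the original address and never enters the hook; a pointer resolved from the table after hooking does see it. All names (`original_impl`, `hook_impl`, `find`, `Hook`, the table contents) are invented for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*fn_t)(int);

/* Stands in for the library function being hooked (constructed for this example). */
static int original_impl(int x) { return x + 1; }

/* Our replacement: counts entries, then calls through to the original,
 * just as the question's implementation does. */
static int hook_calls;
static int hook_impl(int x) {
    hook_calls++;
    return original_impl(x) * 10;
}

/* A simulated address table: one slot per symbol name.  Real binaries keep
 * this in the lazy/non-lazy pointer sections (Mach-O) or the GOT (ELF). */
struct entry { const char *name; fn_t impl; };
static struct entry table[] = { { "original", original_impl } };

/* Same role as the question's find(): return the slot for a symbol, or NULL. */
static fn_t *find(const char *name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0)
            return &table[i].impl;
    return NULL;
}

/* Same shape as the question's Hook(): overwrite the table slot. */
static int Hook(const char *name, fn_t impl) {
    fn_t *slot = find(name);
    if (!slot) return 0;
    *slot = impl;
    return 1;
}

/* A call site that goes through the table every time (hookable). */
static int call_via_table(int x) {
    fn_t *slot = find("original");
    return slot ? (*slot)(x) : -1;
}

/* Case 1: the table-routed call is hooked -> returns 20. */
int call_through_table(void) {
    Hook("original", hook_impl);
    int r = call_via_table(1);
    Hook("original", original_impl);   /* restore so each case stands alone */
    return r;
}

/* Case 2: a pointer bound before the hook bypasses the table -> returns 2.
 * This is the question's `typeof(puts) *fptr = puts;` situation. */
int call_through_captured_pointer(void) {
    fn_t direct = original_impl;
    Hook("original", hook_impl);
    int r = direct(1);                 /* hook_impl is never entered */
    Hook("original", original_impl);
    return r;
}

/* Case 3: a pointer resolved from the table after hooking sees the hook -> 20.
 * Useful as a check that a hook is actually live before trusting it. */
int call_through_pointer_resolved_after_hook(void) {
    Hook("original", hook_impl);
    fn_t late = *find("original");
    int r = late(1);
    Hook("original", original_impl);
    return r;
}

/* How many times the hook was entered across the cases above. */
int hook_entry_count(void) { return hook_calls; }

int main(void) {
    printf("via table:             %d\n", call_through_table());
    printf("captured pointer:      %d\n", call_through_captured_pointer());
    printf("resolved after hook:   %d\n", call_through_pointer_resolved_after_hook());
    printf("hook entered %d times\n", hook_entry_count());
    return 0;
}
```

Only the two calls that resolve through the table enter `hook_impl`; the captured pointer carries the original address for as long as it lives, which is exactly why table-rewriting hooks miss callbacks that were bound before the hook was installed.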